Meanwhile, the number of passwords used by machines, such as IoT devices, will grow even faster, from around 15 billion in 2015 to around 200 billion in 2020, the report said.

And these numbers don’t include one-time passwords, SSL encryption keys and other short-term credentials, said Joseph Carson, head of global strategic alliances at Thycotic Software, the company that sponsored the report.

“Passwords have been around, literally, for centuries,” he said.

But over the past few years, it’s become popular to predict their death.

Bill Gates predicted the death of the password at an RSA Security conference in 2004. In 2011, IBM predicted that passwords will be replaced by biometrics and similar security systems within five years.

“It’s now years after those statements were made, and passwords are still in heavy use,” he said.

Where biometric authentication has been deployment, it has been as an adjunct to passwords, not a replacement.

“The biometrics are used for ease of access to systems,” he said. But passwords are used to establish the initial trusted relationship, and as a fall back when the biometrics fail.

“Biometrics will never replace passwords,” he said.

According to Carson, the estimates come from worldwide statistics about the total number of computers, operating systems, servers, routers, and other technologies and applications that come with passwords or require users to create passwords to use them.

“Then there are the social media accounts, which have been growing significantly,” he added.

The average user has 25 or more passwords, he said. There is no decline in the number of passwords, he said. In fact, the opposite is the case.

“We find that the growth is accelerating at a massive pace,” he said.

And the use — and reuse — of all these passwords is creating an ever-growing attack surface of both human and machine-to-machine passwords.

A record number of credential breaches was disclosed last year, he added — 3 billion, with three out of every seven people having had at least one password or credential stolen.

A report by the Pew Research Centre said that for U.S. adults, the number was even higher. According to a survey conducted last year, 64% said that they had personally noticed or been notified of a data breach that affected their accounts or personal data.

According to Carson, the financial damages of the breaches will continue to increase as well. Thycotic and Cybersecurity Ventures predicts potential damages from cybercrime to reach $6 trillion (€5.5 trillion) by 2021.